Skip to content

GDPR enforcement in 2024

318 decisions · €148.0M total fines · ← 2023 · 2025 →

Date ↓ Company / party Authority Articles Fine
2024-05-30 PILLOW HOTELS, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32Art. 33 €4,200
2024-05-30 Corint Logistic SRL.
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 17Art. 21 €2,000
2024-05-28 CAIXABANK S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €70,000
2024-05-28 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2024-05-27 Ministry of Interior (Greece)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5 €400,000
2024-05-27 Member of the European Parliament
Insufficient legal basis for data processing
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 6Art. 14 €40,000
2024-05-25 Association
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) €15,000
2024-05-25 Association
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) €10,000
2024-05-24 VOX ESPAÑA
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €1,000
2024-05-23 Azienda Sanitaria Locale TO4
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €8,400
2024-05-23 Pubilc educational institution
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) €6,000
2024-05-23 Azienda Socio-sanitaria Territoriale Rhodense
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 12Art. 16 €4,500
2024-05-23 Professional association
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 27Art. 2 €3,500
2024-05-23 President of a workers' council
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €600
2024-05-22 WATIUM S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €96,000
2024-05-22 CUBILLO GALLEGO S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €3,000
2024-05-20 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 32 €336,000
2024-05-14 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2024-05-09 Azienda ospedale università di Padova
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €75,000
2024-05-09 Azzurro Club Hotels S.r.l.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 6Art. 12Art. 15Art. 130 €10,000
2024-05-09 Medical association
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 2 €3,000
2024-05-09 Polisportiva Mimmo Ferrito s.r.l..
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 12Art. 15 €3,000
2024-05-09 IRIDEX GROUP SALUBRIZARE SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2024-05-09 Homeowners' association
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,600
2024-05-09 MEDICOVER SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000